AI agent security

See, govern, and defend every AI agent your people run.

Your people are adopting AI agents and tools faster than security can see or govern them — and your monitoring, policy, and compliance frameworks don’t reach them yet. Alyria closes the gap: continuous visibility, policy-as-code you enforce at the endpoint, and detection & response for every agent — on a mesh whose cloud can’t read your secrets.

APG · Prevention
Agent Policy Governance

Govern what every agent may do — its tools, models, data, and egress.

ADR · Detection
Agent Detection & Response

See what every agent did, detect the threats, and respond.

alyria · fleet (Mesh healthy)

  • 1,284 Beacons online
  • 3 Open CVEs
  • 47 Policy blocks · 24h
  • 92k MCP calls · 24h

lyra/policy.rego
deny[msg] {
  tool := input.mcp.tool
  not capability.granted[tool]
  msg := "tool not brokered"
}

beacon-eu-14 blocked shell spawn from poisoned tool (ASI05)

Built on open standards — no vendor lock-in

OAuth 2.1 · OpenTelemetry · MCP · OWASP ASI · NIST AI RMF · ISO/IEC 42001

The wedge

Every security SaaS becomes the breach target. We can’t.

A cloud control plane has to read your traffic to inspect it — so it becomes the thing worth attacking. Alyria enforces at the endpoint and brokers secrets it can never decrypt.

The cloud that reads your traffic

  • Must decrypt to inspect, route, and attribute.
  • Blind to shadow/local AI, un-gatewayed MCP, and OS-level exfil.
  • Every model + tool call takes a network hop; agentic loops stack seconds.
  • You have to trust it with your secrets.

Alyria — the cloud that can’t

  • Zero-knowledge broker: secrets are E2E, never decryptable by us.
  • Beacon sees the whole endpoint — shadow AI and kernel-level exfil included.
  • Policy is enforced locally, offline, with no cloud hop on the hot path.
  • Client crypto is open and auditable — the claim is verifiable.

How it works

Beacons form a Constellation, watched from the Observatory.

Governed by Lyra, with Umbra the part no one — not even us — can see into, and Spectra carrying the signal out. Six modules, one signed audit chain.

  1. Beacons

    A signed daemon on every machine inventories AI tooling and CVEs, and enforces policy where the work happens.

  2. Constellation

    Beacons form a mesh, sharing org memory over MCP — scoped by IdP division and role.

  3. Lyra

    One policy language governs which tools, models, data, and egress each agent may touch.

  4. Umbra

    Agents exchange keys and store secrets centrally — end-to-end, the cloud can't decrypt.

  5. Spectra

    OpenTelemetry streams to the cloud or straight into your Elastic/Kibana SIEM.

  6. Observatory

    You watch the whole fleet — health, CVEs, policy decisions, detections — from one console.

The two-pillar class

The agent-security market is bifurcating like the endpoint market did.

Prevention versus detection. Alyria spans both — with one engine and one signed audit log.

APG · The NGAV of agent security

Agent Policy Governance

Prevention — what an agent may do

  • Capability-brokered, information-flow-aware policy-as-code
  • Lyra engine + Beacon enforcement + Umbra secret leases
  • Deterministic, sub-millisecond, offline

ADR · The EDR of agent security

Agent Detection & Response

Detection — what an agent did

  • Behavioral + trajectory detection at the kernel plane
  • Beacon telemetry + Spectra correlation + Observatory response
  • Catches OS-level exfil a cloud gateway can't see

Standards anchor

OWASP ASI for what attackers do. NIST & ISO for how you govern it.

One signed audit chain covers both — legible to the compliance buyer and stronger for the adversarial one.

Read the security model →

  • ASI02: Tool misuse
  • ASI03: Identity & privilege
  • ASI04: Supply chain
  • ASI05: Code execution
  • ASI07: Inter-agent comms
  • ZK: Zero-knowledge mesh

Give your agents a control plane you don’t have to trust.

Deploy a Beacon, form your mesh, and broker secrets the cloud can never read. Open-core, on your terms.

No credit card. Security for the AI agents your people run. · Cybersecurity at the core.